Modifier and Type | Method and Description |
---|---|
protected RequestSecurityTokenResponseType |
TokenIssueOperation.createResponse(EncryptionProperties encryptionProperties,
TokenProviderResponse tokenResponse,
TokenRequirements tokenRequirements,
KeyRequirements keyRequirements) |
protected RequestSecurityTokenResponseType |
TokenRenewOperation.createResponse(EncryptionProperties encryptionProperties,
TokenRenewerResponse tokenRenewerResponse,
TokenRequirements tokenRequirements,
KeyRequirements keyRequirements) |
protected RequestSecurityTokenResponseType |
TokenCancelOperation.createResponse(TokenRequirements tokenRequirements) |
protected RequestSecurityTokenResponseType |
TokenValidateOperation.createResponse(TokenValidatorResponse tokenResponse,
TokenProviderResponse tokenProviderResponse,
TokenRequirements tokenRequirements) |
protected Element |
AbstractOperation.encryptSecret(byte[] secret,
EncryptionProperties encryptionProperties,
KeyRequirements keyRequirements)
Encrypt a secret using the given arguments, producing a DOM EncryptedKey element
|
Modifier and Type | Method and Description |
---|---|
protected static KeyInfoBean |
DefaultSubjectProvider.createEncryptedKeyKeyInfo(X509Certificate certificate,
byte[] secret,
Document doc,
EncryptionProperties encryptionProperties,
Crypto encryptionCrypto)
Create an EncryptedKey KeyInfo.
|
static Element |
TokenProviderUtils.encryptToken(Element element,
String id,
STSPropertiesMBean stsProperties,
EncryptionProperties encryptionProperties,
KeyRequirements keyRequirements,
Map<String,Object> messageContext)
Encrypt a Token element using the given arguments.
|
Modifier and Type | Method and Description |
---|---|
protected void |
SAMLTokenValidator.validateAssertion(SamlAssertionWrapper assertion)
Validate the assertion against schemas/profiles
|
Modifier and Type | Method and Description |
---|---|
static KerberosClient |
KerberosUtils.getClient(Message message,
String type) |
Modifier and Type | Method and Description |
---|---|
protected Crypto |
AbstractSTSClient.createCrypto(boolean decrypt) |
protected SecurityToken |
AbstractSTSClient.createSecurityToken(Element el,
byte[] requestorEntropy) |
protected byte[] |
AbstractSTSClient.decryptKey(Element child) |
protected boolean |
STSTokenValidator.isValidatedLocally(Credential credential,
RequestData data) |
org.apache.xml.security.stax.securityToken.InboundSecurityToken |
STSStaxTokenValidator.validate(BinarySecurityTokenType binarySecurityTokenType,
TokenContext tokenContext) |
Credential |
STSTokenValidator.validate(Credential credential,
RequestData data) |
Credential |
STSSamlAssertionValidator.validate(Credential credential,
RequestData data)
Validate the credential argument.
|
<T extends SamlSecurityToken & org.apache.xml.security.stax.securityToken.InboundSecurityToken> |
STSStaxTokenValidator.validate(SamlAssertionWrapper samlAssertionWrapper,
org.apache.xml.security.stax.securityToken.InboundSecurityToken subjectSecurityToken,
TokenContext tokenContext) |
<T extends UsernameSecurityToken & org.apache.xml.security.stax.securityToken.InboundSecurityToken> |
STSStaxTokenValidator.validate(UsernameTokenType usernameTokenType,
TokenContext tokenContext) |
Credential |
STSTokenValidator.validateWithSTS(Credential credential,
Message message) |
protected Credential |
STSSamlAssertionValidator.verifySignedAssertion(SamlAssertionWrapper assertion,
RequestData data)
Try to verify trust on the assertion.
|
Modifier and Type | Method and Description |
---|---|
static org.apache.cxf.binding.soap.SoapFault |
WSS4JUtils.createSoapFault(org.apache.cxf.binding.soap.SoapMessage message,
org.apache.cxf.binding.soap.SoapVersion version,
WSSecurityException e)
Create a SoapFault from a WSSecurityException, following the SOAP Message Security
1.1 specification, chapter 12 "Error Handling".
|
Modifier and Type | Method and Description |
---|---|
protected void |
WSS4JInInterceptor.advanceBody(org.apache.cxf.binding.soap.SoapMessage msg,
Node body) |
static void |
CryptoCoverageUtil.checkAttachmentsCoverage(Collection<Attachment> attachments,
Collection<WSDataRef> refs,
CryptoCoverageUtil.CoverageType type,
CryptoCoverageUtil.CoverageScope scope) |
static void |
CryptoCoverageUtil.checkBodyCoverage(Element soapBody,
Collection<WSDataRef> refs,
CryptoCoverageUtil.CoverageType type,
CryptoCoverageUtil.CoverageScope scope)
Checks that the references provided refer to the
signed/encrypted SOAP body element.
|
static void |
CryptoCoverageUtil.checkCoverage(Element soapEnvelope,
Collection<WSDataRef> refs,
Map<String,String> namespaces,
Collection<String> xPaths,
CryptoCoverageUtil.CoverageType type,
CryptoCoverageUtil.CoverageScope scope)
Checks that the references provided refer to the required
signed/encrypted elements as defined by the XPath expressions in
xPaths. |
static void |
CryptoCoverageUtil.checkCoverage(Element soapEnvelope,
Collection<WSDataRef> refs,
Map<String,String> namespaces,
String xPath,
CryptoCoverageUtil.CoverageType type,
CryptoCoverageUtil.CoverageScope scope)
Checks that the references provided refer to the required
signed/encrypted elements as defined by the XPath expression in
xPath. |
static void |
CryptoCoverageUtil.checkCoverage(Element soapEnvelope,
Collection<WSDataRef> refs,
XPath xpath,
Collection<String> xPaths,
CryptoCoverageUtil.CoverageType type,
CryptoCoverageUtil.CoverageScope scope)
Checks that the references provided refer to the required
signed/encrypted elements as defined by the XPath expressions in
xPaths. |
static void |
CryptoCoverageUtil.checkHeaderCoverage(Element soapHeader,
Collection<WSDataRef> refs,
String namespace,
String name,
CryptoCoverageUtil.CoverageType type,
CryptoCoverageUtil.CoverageScope scope)
Checks that the references provided refer to the required
signed/encrypted SOAP header element(s) matching the provided name and
namespace.
|
protected void |
WSS4JInInterceptor.computeAction(org.apache.cxf.binding.soap.SoapMessage msg,
RequestData reqData)
Do whatever is necessary to determine the action for the incoming message and
do whatever other setup work is necessary.
|
protected void |
PolicyBasedWSS4JInInterceptor.computeAction(org.apache.cxf.binding.soap.SoapMessage message,
RequestData data) |
protected void |
AbstractWSS4JStaxInterceptor.configureCallbackHandler(org.apache.cxf.binding.soap.SoapMessage soapMessage,
WSSSecurityProperties securityProperties) |
protected void |
WSS4JStaxOutInterceptor.configureProperties(org.apache.cxf.binding.soap.SoapMessage msg,
org.apache.xml.security.stax.ext.OutboundSecurityContext outboundSecurityContext,
WSSSecurityProperties securityProperties) |
protected void |
PolicyBasedWSS4JStaxOutInterceptor.configureProperties(org.apache.cxf.binding.soap.SoapMessage msg,
org.apache.xml.security.stax.ext.OutboundSecurityContext outboundSecurityContext,
WSSSecurityProperties securityProperties) |
protected void |
WSS4JInInterceptor.configureReplayCaches(RequestData reqData,
List<Integer> actions,
org.apache.cxf.binding.soap.SoapMessage msg) |
protected void |
WSS4JInInterceptor.doResults(org.apache.cxf.binding.soap.SoapMessage msg,
String actor,
Element soapHeader,
Element soapBody,
WSHandlerResult wsResult,
boolean utWithCallbacks) |
protected void |
PolicyBasedWSS4JInInterceptor.doResults(org.apache.cxf.binding.soap.SoapMessage msg,
String actor,
Element soapHeader,
Element soapBody,
WSHandlerResult results,
boolean utWithCallbacks) |
protected void |
AbstractUsernameTokenAuthenticatingInterceptor.doResults(org.apache.cxf.binding.soap.SoapMessage msg,
String actor,
Element soapHeader,
Element soapBody,
WSHandlerResult wsResult,
boolean utWithCallbacks) |
protected CallbackHandler |
WSS4JInInterceptor.getCallback(RequestData reqData) |
protected CallbackHandler |
WSS4JInInterceptor.getCallback(RequestData reqData,
boolean utWithCallbacks) |
static Crypto |
WSS4JUtils.getEncryptionCrypto(Object e,
org.apache.cxf.binding.soap.SoapMessage message,
PasswordEncryptor passwordEncryptor) |
protected Crypto |
AbstractWSS4JStaxInterceptor.getEncryptionCrypto(Object e,
org.apache.cxf.binding.soap.SoapMessage message,
WSSSecurityProperties securityProperties) |
static Crypto |
WSS4JUtils.getSignatureCrypto(Object s,
org.apache.cxf.binding.soap.SoapMessage message,
PasswordEncryptor passwordEncryptor) |
protected Crypto |
AbstractWSS4JStaxInterceptor.getSignatureCrypto(Object s,
org.apache.cxf.binding.soap.SoapMessage message,
WSSSecurityProperties securityProperties) |
Validator |
CXFRequestData.getValidator(QName qName) |
protected Crypto |
AbstractWSS4JStaxInterceptor.loadCrypto(org.apache.cxf.binding.soap.SoapMessage soapMessage,
String cryptoPropertyFile,
String cryptoPropertyRefId,
WSSSecurityProperties securityProperties)
Load a Crypto instance.
|
static Crypto |
WSS4JUtils.loadCryptoFromPropertiesFile(Message message,
String propFilename,
ClassLoader classLoader,
PasswordEncryptor passwordEncryptor) |
protected Crypto |
AbstractWSS4JStaxInterceptor.loadCryptoFromPropertiesFile(org.apache.cxf.binding.soap.SoapMessage soapMessage,
String propFilename,
WSSSecurityProperties securityProperties) |
protected Crypto |
AbstractWSS4JInterceptor.loadCryptoFromPropertiesFile(String propFilename,
RequestData reqData) |
protected UsernameTokenPrincipal |
UsernameTokenInterceptor.parseTokenAndCreatePrincipal(Element tokenElement,
boolean bspCompliant) |
protected void |
WSS4JInInterceptor.setAlgorithmSuites(org.apache.cxf.binding.soap.SoapMessage message,
RequestData data)
Set a WSS4J AlgorithmSuite object on the RequestData context, to restrict the
algorithms that are allowed for encryption, signature, etc.
|
protected void |
PolicyBasedWSS4JInInterceptor.setAlgorithmSuites(org.apache.cxf.binding.soap.SoapMessage message,
RequestData data)
Set a WSS4J AlgorithmSuite object on the RequestData context, to restrict the
algorithms that are allowed for encryption, signature, etc.
|
protected void |
AbstractUsernameTokenAuthenticatingInterceptor.setSubject(String name,
String password,
boolean isDigest,
String nonce,
String created) |
void |
AlgorithmSuiteTranslater.translateAlgorithmSuites(org.apache.cxf.ws.policy.AssertionInfoMap aim,
RequestData data) |
protected WSSecurityEngineResult |
UsernameTokenInterceptor.validateToken(Element tokenElement,
org.apache.cxf.binding.soap.SoapMessage message) |
protected void |
AbstractUsernameTokenAuthenticatingInterceptor.CustomValidator.verifyCustomPassword(UsernameToken usernameToken,
RequestData data) |
protected void |
AbstractUsernameTokenAuthenticatingInterceptor.CustomValidator.verifyDigestPassword(UsernameToken usernameToken,
RequestData data) |
protected void |
AbstractUsernameTokenAuthenticatingInterceptor.CustomValidator.verifyPlaintextPassword(UsernameToken usernameToken,
RequestData data) |
protected void |
AbstractUsernameTokenAuthenticatingInterceptor.CustomValidator.verifyUnknownPassword(UsernameToken usernameToken,
RequestData data) |
Modifier and Type | Method and Description |
---|---|
protected org.apache.xml.security.stax.ext.SecurePart |
AbstractStaxBindingHandler.addKerberosToken(KerberosToken token,
boolean signed,
boolean endorsing,
boolean encrypting) |
protected SamlAssertionWrapper |
AbstractBindingBuilder.addSamlToken(SamlToken token) |
protected org.apache.xml.security.stax.ext.SecurePart |
AbstractStaxBindingHandler.addSamlToken(SamlToken token,
boolean signed,
boolean endorsing) |
protected void |
AbstractBindingBuilder.addSupportingTokens(List<WSEncryptionPart> sigs) |
protected void |
AbstractStaxBindingHandler.configureSignature(AbstractToken token,
boolean attached) |
protected Crypto |
AbstractBindingBuilder.getCrypto(String cryptoKey,
String propKey) |
protected WSSecEncryptedKey |
AbstractBindingBuilder.getEncryptedKeyBuilder(AbstractToken token) |
Crypto |
AbstractBindingBuilder.getEncryptionCrypto() |
protected WSSecSignature |
AbstractBindingBuilder.getSignatureBuilder(AbstractToken token,
boolean attached,
boolean endorse) |
Crypto |
AbstractBindingBuilder.getSignatureCrypto() |
protected List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> |
AbstractBindingBuilder.handleSupportingTokens(SupportingTokens suppTokens,
boolean endorse,
List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> ret) |
protected void |
AbstractBindingBuilder.handleUsernameTokenSupportingToken(UsernameToken token,
boolean endorse,
boolean encryptedToken,
List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> ret) |
Modifier and Type | Method and Description |
---|---|
Crypto |
SignatureEncryptionActionToken.getCrypto() |
Crypto |
SecurityActionToken.getCrypto() |
Modifier and Type | Method and Description |
---|---|
void |
BSPEnforcer.handleBSPRule(BSPRule bspRule) |
Modifier and Type | Method and Description |
---|---|
protected void |
Merlin.addTrustAnchors(Set<TrustAnchor> set,
KeyStore keyStore)
Adds TrustAnchors found in the provided key store to the set. |
void |
AlgorithmSuiteValidator.checkAsymmetricKeyLength(PublicKey publicKey)
Check the asymmetric key length
|
void |
AlgorithmSuiteValidator.checkAsymmetricKeyLength(X509Certificate x509Certificate)
Check the asymmetric key length
|
void |
AlgorithmSuiteValidator.checkAsymmetricKeyLength(X509Certificate[] x509Certificates)
Check the asymmetric key length
|
void |
AlgorithmSuiteValidator.checkC14nAlgorithm(String c14nAlgorithm)
Check the C14n Algorithm
|
void |
AlgorithmSuiteValidator.checkDerivedKeyAlgorithm(String algorithm)
Check Derived Key algorithm
|
void |
AlgorithmSuiteValidator.checkEncryptionDerivedKeyLength(int derivedKeyLength)
Check Encryption Derived Key length (in bytes)
|
void |
AlgorithmSuiteValidator.checkEncryptionKeyWrapAlgorithm(String keyWrapAlgorithm) |
void |
AlgorithmSuiteValidator.checkSignatureAlgorithms(XMLSignature xmlSignature)
Check the Signature Algorithms
|
void |
AlgorithmSuiteValidator.checkSignatureDerivedKeyLength(int derivedKeyLength)
Check Signature Derived Key length (in bytes)
|
void |
AlgorithmSuiteValidator.checkSignatureMethod(String signatureMethod)
Check the Signature Method
|
void |
AlgorithmSuiteValidator.checkSymmetricEncryptionAlgorithm(String symmetricAlgorithm) |
void |
AlgorithmSuiteValidator.checkSymmetricKeyLength(int secretKeyLength)
Check the symmetric key length
|
void |
DERDecoder.expect(byte val)
Confirm that the byte at the current position matches the given value.
|
void |
DERDecoder.expect(int val)
Confirm that the byte at the current position matches the given value.
|
byte[] |
DERDecoder.getBytes(int length)
Return an array of bytes from the current position.
|
byte[] |
CryptoBase.getBytesFromCertificates(X509Certificate[] certs)
Get a byte array given an array of X509 certificates.
|
byte[] |
Crypto.getBytesFromCertificates(X509Certificate[] certs)
Get a byte array given an array of X509 certificates.
|
CertificateFactory |
Merlin.getCertificateFactory()
Singleton certificate factory for this Crypto instance.
|
CertificateFactory |
CryptoBase.getCertificateFactory()
Get the CertificateFactory instance on this Crypto instance
|
CertificateFactory |
Crypto.getCertificateFactory()
Get the CertificateFactory instance on this Crypto instance
|
X509Certificate[] |
CryptoBase.getCertificatesFromBytes(byte[] data)
Construct an array of X509Certificates from the byte array.
|
X509Certificate[] |
Crypto.getCertificatesFromBytes(byte[] data)
Construct an array of X509Certificates from the byte array.
|
String |
Merlin.getDefaultX509Identifier()
Retrieves the identifier name of the default certificate.
|
String |
CryptoBase.getDefaultX509Identifier()
Retrieves the identifier name of the default certificate.
|
String |
Crypto.getDefaultX509Identifier()
Retrieves the identifier name of the default certificate.
|
static Crypto |
CryptoFactory.getInstance()
getInstance
Returns an instance of Crypto.
|
static Crypto |
CryptoFactory.getInstance(Class<? extends Crypto> cryptoClass,
Map<Object,Object> map)
getInstance
Returns an instance of Crypto.
|
static Crypto |
CryptoFactory.getInstance(Properties properties)
getInstance
Returns an instance of Crypto.
|
static Crypto |
CryptoFactory.getInstance(Properties properties,
ClassLoader classLoader,
PasswordEncryptor passwordEncryptor)
getInstance
Returns an instance of Crypto loaded with the given classloader.
|
static Crypto |
CryptoFactory.getInstance(String propFilename)
getInstance
Returns an instance of Crypto.
|
static Crypto |
CryptoFactory.getInstance(String propFilename,
ClassLoader customClassLoader) |
int |
DERDecoder.getLength()
Get the DER length at the current position.
|
protected byte[] |
CryptoBase.getNameConstraints(X509Certificate cert)
Extracts the NameConstraints sequence from the certificate.
|
PrivateKey |
Merlin.getPrivateKey(PublicKey publicKey,
CallbackHandler callbackHandler)
Gets the private key corresponding to the given PublicKey.
|
PrivateKey |
Crypto.getPrivateKey(PublicKey publicKey,
CallbackHandler callbackHandler)
Gets the private key corresponding to the given PublicKey.
|
PrivateKey |
CertificateStore.getPrivateKey(PublicKey publicKey,
CallbackHandler callbackHandler)
Gets the private key corresponding to the given PublicKey.
|
PrivateKey |
Merlin.getPrivateKey(String identifier,
String password)
Gets the private key corresponding to the identifier.
|
PrivateKey |
Crypto.getPrivateKey(String identifier,
String password)
Gets the private key corresponding to the identifier.
|
PrivateKey |
CertificateStore.getPrivateKey(String identifier,
String password)
Gets the private key corresponding to the identifier.
|
PrivateKey |
Merlin.getPrivateKey(X509Certificate certificate,
CallbackHandler callbackHandler)
Gets the private key corresponding to the certificate.
|
PrivateKey |
Crypto.getPrivateKey(X509Certificate certificate,
CallbackHandler callbackHandler)
Gets the private key corresponding to the certificate.
|
PrivateKey |
CertificateStore.getPrivateKey(X509Certificate certificate,
CallbackHandler callbackHandler)
Gets the private key corresponding to the certificate.
|
static Properties |
CryptoFactory.getProperties(String propFilename,
ClassLoader loader)
This allows loading the resources with a custom class loader
|
byte[] |
CryptoBase.getSKIBytesFromCert(X509Certificate cert)
Reads the SubjectKeyIdentifier information from the certificate.
|
byte[] |
Crypto.getSKIBytesFromCert(X509Certificate cert)
Reads the SubjectKeyIdentifier information from the certificate.
|
byte[] |
X509SubjectPublicKeyInfo.getSubjectPublicKey()
Get the subjectPublicKey element of the SubjectPublicKeyInfo.
|
X509Certificate[] |
Merlin.getX509Certificates(CryptoType cryptoType)
Get an X509Certificate (chain) corresponding to the CryptoType argument.
|
X509Certificate[] |
Crypto.getX509Certificates(CryptoType cryptoType)
Get an X509Certificate (chain) corresponding to the CryptoType argument.
|
X509Certificate[] |
CertificateStore.getX509Certificates(CryptoType cryptoType)
Get an X509Certificate (chain) corresponding to the CryptoType argument.
|
String |
Merlin.getX509Identifier(X509Certificate cert)
Get the implementation-specific identifier corresponding to the cert parameter.
|
String |
Crypto.getX509Identifier(X509Certificate cert)
Get the implementation-specific identifier corresponding to the cert parameter, e.g.
|
String |
CertificateStore.getX509Identifier(X509Certificate cert)
Get the implementation-specific identifier corresponding to the cert parameter.
|
protected KeyStore |
Merlin.load(InputStream input,
String storepass,
String provider,
String type)
Loads the keystore from an InputStream. |
X509Certificate |
CryptoBase.loadCertificate(InputStream in)
Load an X509Certificate from the input stream.
|
X509Certificate |
Crypto.loadCertificate(InputStream in)
Load an X509Certificate from the input stream.
|
static InputStream |
Merlin.loadInputStream(ClassLoader loader,
String location)
Load a KeyStore object as an InputStream, using the ClassLoader and location arguments
|
void |
MerlinDevice.loadProperties(Properties properties,
ClassLoader loader,
PasswordEncryptor passwordEncryptor) |
void |
Merlin.loadProperties(Properties properties,
ClassLoader loader,
PasswordEncryptor passwordEncryptor) |
void |
DERDecoder.skip(int length)
Advance the current position by the given number of bytes.
|
boolean |
DERDecoder.test(byte val)
Test if the byte at the current position matches the given value.
|
void |
Merlin.verifyTrust(PublicKey publicKey)
Evaluate whether a given public key should be trusted.
|
void |
Crypto.verifyTrust(PublicKey publicKey)
Evaluate whether a given public key should be trusted.
|
void |
CertificateStore.verifyTrust(PublicKey publicKey)
Evaluate whether a given public key should be trusted.
|
protected void |
MerlinAKI.verifyTrust(X509Certificate[] certs,
boolean enableRevocation,
Collection<Pattern> subjectCertConstraints)
Evaluate whether a given certificate chain should be trusted.
|
protected void |
Merlin.verifyTrust(X509Certificate[] certs,
boolean enableRevocation,
Collection<Pattern> subjectCertConstraints)
Evaluate whether a given certificate chain should be trusted.
|
protected void |
CertificateStore.verifyTrust(X509Certificate[] certs,
boolean enableRevocation,
Collection<Pattern> subjectCertConstraints)
Evaluate whether a given certificate chain should be trusted.
|
void |
Merlin.verifyTrust(X509Certificate[] certs,
boolean enableRevocation,
Collection<Pattern> subjectCertConstraints,
Collection<Pattern> issuerCertConstraints) |
void |
Crypto.verifyTrust(X509Certificate[] certs,
boolean enableRevocation,
Collection<Pattern> subjectCertConstraints,
Collection<Pattern> issuerCertConstraints)
Evaluate whether a given certificate chain should be trusted.
|
void |
CertificateStore.verifyTrust(X509Certificate[] certs,
boolean enableRevocation,
Collection<Pattern> subjectCertConstraints,
Collection<Pattern> issuerCertConstraints) |
Constructor and Description |
---|
DERDecoder(byte[] derEncoded)
Construct a DERDecoder for the given byte array.
|
Merlin(Properties properties,
ClassLoader loader,
PasswordEncryptor passwordEncryptor) |
MerlinAKI(Properties properties,
ClassLoader loader,
PasswordEncryptor passwordEncryptor) |
MerlinDevice(Properties properties,
ClassLoader loader,
PasswordEncryptor passwordEncryptor) |
X509SubjectPublicKeyInfo(byte[] x509EncodedPublicKey)
Construct a SubjectPublicKeyInfo for the given X.509-encoded public key.
|
X509SubjectPublicKeyInfo(PublicKey key)
Construct a SubjectPublicKeyInfo for the given public key.
|
Modifier and Type | Method and Description |
---|---|
byte[] |
P_SHA1.createKey(byte[] secret,
byte[] seed,
int offset,
long length) |
byte[] |
DerivationAlgorithm.createKey(byte[] secret,
byte[] seed,
int offset,
long length) |
byte[] |
ConversationConstants.DerivationAlgorithm.createKey(byte[] secret,
byte[] seed,
int offset,
long length) |
static byte[] |
DerivedKeyUtils.deriveKey(String algorithm,
String label,
int length,
byte[] secret,
byte[] nonce,
int offset)
Derive a key from this DerivedKeyToken instance
|
static DerivationAlgorithm |
AlgoFactory.getInstance(String algorithm)
This gives a DerivationAlgorithm instance from the default set of algorithms provided
|
Modifier and Type | Method and Description |
---|---|
KerberosServiceContext |
KerberosServiceExceptionAction.run() |
KerberosContext |
KerberosClientExceptionAction.run() |
Modifier and Type | Method and Description |
---|---|
String |
SamlAssertionWrapper.assertionToString()
Method assertionToString ...
|
void |
SamlAssertionWrapper.checkAudienceRestrictions(List<String> audienceRestrictions)
Check the AudienceRestrictions of the Assertion
|
void |
SamlAssertionWrapper.checkAuthnStatements(int futureTTL)
Check the various attributes of the AuthnStatements of the assertion (if any)
|
void |
SamlAssertionWrapper.checkConditions(int futureTTL)
Check the Conditions of the Assertion.
|
void |
SamlAssertionWrapper.checkIssueInstant(int futureTTL,
int ttl)
Check the IssueInstant value of the Assertion.
|
static org.opensaml.core.xml.XMLObject |
OpenSAMLUtil.fromDom(Element root)
Convert a SAML Assertion from a DOM Element to an XMLObject
|
static SAMLKeyInfo |
SAMLUtil.getCredentialFromKeyInfo(Element keyInfoElement,
SAMLKeyInfoProcessor keyInfoProcessor,
Crypto sigCrypto)
This method returns a SAMLKeyInfo corresponding to the credential found in the
KeyInfo (DOM Element) argument.
|
static SAMLKeyInfo |
SAMLUtil.getCredentialFromSubject(org.opensaml.saml.saml1.core.Assertion assertion,
SAMLKeyInfoProcessor keyInfoProcessor,
Crypto sigCrypto,
CallbackHandler callbackHandler)
Get the SAMLKeyInfo object corresponding to the credential stored in the Subject of a
SAML 1.1 assertion
|
static SAMLKeyInfo |
SAMLUtil.getCredentialFromSubject(org.opensaml.saml.saml2.core.Assertion assertion,
SAMLKeyInfoProcessor keyInfoProcessor,
Crypto sigCrypto,
CallbackHandler callbackHandler)
Get the SAMLKeyInfo object corresponding to the credential stored in the Subject of a
SAML 2 assertion
|
static SAMLKeyInfo |
SAMLUtil.getCredentialFromSubject(SamlAssertionWrapper samlAssertion,
SAMLKeyInfoProcessor keyInfoProcessor,
Crypto sigCrypto,
CallbackHandler callbackHandler)
Parse a SAML Assertion to obtain a SAMLKeyInfo object from
the Subject of the assertion
|
org.opensaml.xmlsec.signature.Signature |
SamlAssertionWrapper.getSignature() |
byte[] |
SamlAssertionWrapper.getSignatureValue()
Get the SignatureValue bytes of the signed SAML Assertion
|
void |
SamlAssertionWrapper.parseSubject(SAMLKeyInfoProcessor keyInfoProcessor,
Crypto sigCrypto,
CallbackHandler callbackHandler)
This method parses the KeyInfo of the Subject.
|
SAMLKeyInfo |
SAMLKeyInfoProcessor.processSAMLKeyInfo(Element keyInfoElement) |
void |
SamlAssertionWrapper.signAssertion(String issuerKeyName,
String issuerKeyPassword,
Crypto issuerCrypto,
boolean sendKeyValue)
Create an enveloped signature on the assertion that has been created.
|
void |
SamlAssertionWrapper.signAssertion(String issuerKeyName,
String issuerKeyPassword,
Crypto issuerCrypto,
boolean sendKeyValue,
String canonicalizationAlgorithm,
String signatureAlgorithm)
Create an enveloped signature on the assertion that has been created.
|
void |
SamlAssertionWrapper.signAssertion(String issuerKeyName,
String issuerKeyPassword,
Crypto issuerCrypto,
boolean sendKeyValue,
String canonicalizationAlgorithm,
String signatureAlgorithm,
String signatureDigestAlgorithm)
Create an enveloped signature on the assertion that has been created.
|
Element |
SamlAssertionWrapper.toDOM(Document doc)
Create a DOM from the current XMLObject content.
|
static Element |
OpenSAMLUtil.toDom(org.opensaml.core.xml.XMLObject xmlObject,
Document doc)
Convert a SAML Assertion from an XMLObject to a DOM Element
|
static Element |
OpenSAMLUtil.toDom(org.opensaml.core.xml.XMLObject xmlObject,
Document doc,
boolean signObject)
Convert a SAML Assertion from an XMLObject to a DOM Element
|
void |
SamlAssertionWrapper.validateSignatureAgainstProfile()
Validate the signature of the Assertion against the Profile.
|
void |
SamlAssertionWrapper.verifySignature(SAMLKeyInfo samlKeyInfo)
Verify the signature of this assertion
|
void |
SamlAssertionWrapper.verifySignature(SAMLKeyInfoProcessor keyInfoProcessor,
Crypto sigCrypto)
Verify the signature of this assertion
|
Constructor and Description |
---|
SamlAssertionWrapper(Element element)
Constructor SamlAssertionWrapper creates a new SamlAssertionWrapper instance.
|
SamlAssertionWrapper(SAMLCallback samlCallback)
Constructor SamlAssertionWrapper creates a new SamlAssertionWrapper instance.
|
SamlAssertionWrapper(org.opensaml.saml.common.SAMLObject samlObject)
Constructor SamlAssertionWrapper creates a new SamlAssertionWrapper instance.
|
Modifier and Type | Method and Description |
---|---|
static org.opensaml.saml.saml2.core.Advice |
SAML2ComponentBuilder.createAdvice(AdviceBean adviceBean)
Create an Advice object
|
static org.opensaml.saml.saml1.core.Advice |
SAML1ComponentBuilder.createAdvice(AdviceBean adviceBean)
Create an Advice object
|
static org.opensaml.xmlsec.signature.KeyInfo |
SAML1ComponentBuilder.createKeyInfo(KeyInfoBean keyInfo)
Create an OpenSAML KeyInfo object from the parameters
|
static org.opensaml.saml.saml1.core.Subject |
SAML1ComponentBuilder.createSaml1v1Subject(SubjectBean subjectBean)
Create a SAML Subject from a SubjectBean instance
|
static org.opensaml.saml.saml2.core.Subject |
SAML2ComponentBuilder.createSaml2Subject(SubjectBean subjectBean)
Create a Subject.
|
static List<org.opensaml.saml.saml1.core.AttributeStatement> |
SAML1ComponentBuilder.createSamlv1AttributeStatement(List<AttributeStatementBean> attributeData)
Create SAML 1.1 attribute statement(s)
|
static List<org.opensaml.saml.saml1.core.AuthenticationStatement> |
SAML1ComponentBuilder.createSamlv1AuthenticationStatement(List<AuthenticationStatementBean> authBeans)
Create SAML 1.1 authentication statement(s)
|
static List<org.opensaml.saml.saml1.core.AuthorizationDecisionStatement> |
SAML1ComponentBuilder.createSamlv1AuthorizationDecisionStatement(List<AuthDecisionStatementBean> decisionData)
Create SAML 1.1 Authorization Decision Statement(s)
|
static org.opensaml.saml.saml2.core.SubjectConfirmationData |
SAML2ComponentBuilder.createSubjectConfirmationData(SubjectConfirmationDataBean subjectConfirmationDataBean,
KeyInfoBean keyInfoBean)
Create a SubjectConfirmationData object
|
Modifier and Type | Method and Description |
---|---|
void |
SpnegoTokenContext.retrieveServiceTicket(String jaasLoginModuleName,
CallbackHandler callbackHandler,
String serviceName)
Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in this
BinarySecurityToken.
|
void |
SpnegoTokenContext.retrieveServiceTicket(String jaasLoginModuleName,
CallbackHandler callbackHandler,
String serviceName,
boolean isUsernameServiceNameForm)
Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in this
BinarySecurityToken.
|
void |
SpnegoTokenContext.retrieveServiceTicket(String jaasLoginModuleName,
CallbackHandler callbackHandler,
String serviceName,
boolean isUsernameServiceNameForm,
boolean requestCredDeleg,
GSSCredential delegationCredential)
Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in this
BinarySecurityToken.
|
byte[] |
SpnegoTokenContext.unwrapKey(byte[] secret)
Unwrap a key
|
void |
SpnegoTokenContext.validateServiceTicket(String jaasLoginModuleName,
CallbackHandler callbackHandler,
String serviceName,
boolean isUsernameServiceNameForm,
byte[] ticket)
Validate a service ticket.
|
void |
SpnegoTokenContext.validateServiceTicket(String jaasLoginModuleName,
CallbackHandler callbackHandler,
String serviceName,
byte[] ticket)
Validate a service ticket.
|
byte[] |
SpnegoTokenContext.wrapKey(byte[] secret)
Wrap a key
|
Modifier and Type | Method and Description |
---|---|
X509Certificate[] |
SecurityTokenReference.getKeyIdentifier(Crypto crypto)
Gets the KeyIdentifier.
|
Reference |
SecurityTokenReference.getReference()
Gets the Reference.
|
X509Certificate |
X509Security.getX509Certificate(Crypto crypto)
Gets the X509Certificate certificate.
|
X509Certificate[] |
PKIPathSecurity.getX509Certificates(Crypto crypto)
Get the X509Certificate array.
|
X509Certificate[] |
SecurityTokenReference.getX509IssuerSerial(Crypto crypto)
Gets the certificate identified with X509 issuerSerial data.
|
X509Certificate |
SecurityTokenReference.getX509SKIAlias(Crypto crypto) |
void |
SecurityTokenReference.setKeyIdentifier(String valueType,
String keyIdVal) |
void |
SecurityTokenReference.setKeyIdentifier(String valueType,
String keyIdVal,
boolean base64) |
void |
SecurityTokenReference.setKeyIdentifier(X509Certificate cert)
Sets the KeyIdentifier Element as an X509 certificate.
|
void |
SecurityTokenReference.setKeyIdentifierEncKeySHA1(String value) |
void |
SecurityTokenReference.setKeyIdentifierSKI(X509Certificate cert,
Crypto crypto)
Sets the KeyIdentifier Element as a X509 Subject-Key-Identifier (SKI).
|
void |
SecurityTokenReference.setKeyIdentifierThumb(X509Certificate cert)
Sets the KeyIdentifier Element as a Thumbprint.
|
void |
BinarySecurity.setToken(byte[] data)
Sets the token information.
|
void |
X509Security.setX509Certificate(X509Certificate cert)
Sets the X509Certificate.
|
void |
PKIPathSecurity.setX509Certificates(X509Certificate[] certs,
Crypto crypto)
Sets the X509Certificate array.
|
Constructor and Description |
---|
BinarySecurity(CallbackHandler callbackHandler)
Create a BinarySecurityToken via a CallbackHandler
|
BinarySecurity(Element elem,
BSPEnforcer bspEnforcer)
Constructor.
|
DOMX509Data(Element x509DataElement)
Constructor.
|
PKIPathSecurity(Element elem,
BSPEnforcer bspEnforcer)
Constructor.
|
Reference(Element elem)
Constructor.
|
SecurityTokenReference(Element elem,
BSPEnforcer bspEnforcer)
Constructor.
|
X509Security(Element elem,
BSPEnforcer bspEnforcer)
This constructor creates a new X509 certificate object and initializes
it from the data contained in the element.
|
Modifier and Type | Method and Description |
---|---|
static byte[] |
UsernameTokenUtil.generateDerivedKey(byte[] password,
byte[] salt,
int iteration)
This static method generates a derived key as defined in WSS Username
Token Profile.
|
static byte[] |
UsernameTokenUtil.generateDerivedKey(String password,
byte[] salt,
int iteration)
This static method generates a derived key as defined in WSS Username
Token Profile.
|
static byte[] |
KeyUtils.generateDigest(byte[] inputBytes)
Generate a (SHA1) digest of the input bytes.
|
static String |
AttachmentUtils.getAttachmentId(String xopUri) |
static byte[] |
AttachmentUtils.getBytesFromAttachment(String xopUri,
CallbackHandler attachmentCallbackHandler,
boolean removeAttachments) |
static Cipher |
KeyUtils.getCipherInstance(String cipherAlgo)
Translate the "cipherAlgo" URI to a JCE ID, and return a javax.crypto.Cipher instance
of this type.
|
static Cipher |
KeyUtils.getCipherInstance(String cipherAlgo,
String provider)
Translate the "cipherAlgo" URI to a JCE ID, and request a javax.crypto.Cipher instance
of this type from the given provider.
|
static KeyGenerator |
KeyUtils.getKeyGenerator(String algorithm) |
static int |
KeyUtils.getKeyLength(String algorithm)
Returns the length of the key in bytes.
|
static InputStream |
Loader.loadInputStream(ClassLoader loader,
String resource) |
static void |
AttachmentUtils.readAndReplaceEncryptedAttachmentHeaders(Map<String,String> headers,
InputStream attachmentInputStream) |
static InputStream |
AttachmentUtils.setupAttachmentDecryptionStream(String encAlgo,
Cipher cipher,
Key key,
InputStream inputStream) |
static InputStream |
AttachmentUtils.setupAttachmentEncryptionStream(Cipher cipher,
boolean complete,
Attachment attachment,
Map<String,String> headers) |
Modifier and Type | Method and Description |
---|---|
void |
WSDocInfo.addTokenElement(Element element)
Store a token element for later retrieval.
|
void |
WSDocInfo.addTokenElement(Element element,
boolean checkMultipleElements)
Store a token element for later retrieval.
|
Modifier and Type | Method and Description |
---|---|
void |
UsernameTokenSignedAction.execute(WSHandler handler,
SecurityActionToken actionToken,
RequestData reqData) |
void |
UsernameTokenAction.execute(WSHandler handler,
SecurityActionToken actionToken,
RequestData reqData) |
void |
TimestampAction.execute(WSHandler handler,
SecurityActionToken actionToken,
RequestData reqData) |
void |
SignatureDerivedAction.execute(WSHandler handler,
SecurityActionToken actionToken,
RequestData reqData) |
void |
SignatureConfirmationAction.execute(WSHandler handler,
SecurityActionToken actionToken,
RequestData reqData) |
void |
SignatureAction.execute(WSHandler handler,
SecurityActionToken actionToken,
RequestData reqData) |
void |
SAMLTokenUnsignedAction.execute(WSHandler handler,
SecurityActionToken actionToken,
RequestData reqData) |
void |
SAMLTokenSignedAction.execute(WSHandler handler,
SecurityActionToken actionToken,
RequestData reqData) |
void |
EncryptionDerivedAction.execute(WSHandler handler,
SecurityActionToken actionToken,
RequestData reqData) |
void |
EncryptionAction.execute(WSHandler handler,
SecurityActionToken actionToken,
RequestData reqData) |
void |
CustomTokenAction.execute(WSHandler handler,
SecurityActionToken actionToken,
RequestData reqData) |
void |
Action.execute(WSHandler handler,
SecurityActionToken actionToken,
RequestData reqData) |
protected Element |
AbstractDerivedAction.setupEKReference(WSSecDerivedKeyBase derivedKeyBase,
WSSecHeader securityHeader,
WSPasswordCallback passwordCallback,
SignatureEncryptionActionToken actionToken,
SignatureEncryptionActionToken previousActionToken,
boolean use200512Namespace,
Document doc,
String keyTransportAlgorithm,
String mgfAlgorithm) |
protected Element |
AbstractDerivedAction.setupSCTReference(WSSecDerivedKeyBase derivedKeyBase,
WSPasswordCallback passwordCallback,
SignatureEncryptionActionToken actionToken,
SignatureEncryptionActionToken previousActionToken,
boolean use200512Namespace,
Document doc) |
Modifier and Type | Method and Description |
---|---|
Element |
DOMCallbackLookup.getAndRegisterElement(String id,
String valueType,
boolean checkMultipleElements,
DOMCryptoContext context)
Get the DOM element that corresponds to the given id and ValueType reference.
|
Element |
CallbackLookup.getAndRegisterElement(String id,
String valueType,
boolean checkMultipleElements,
DOMCryptoContext context)
Get the DOM element that corresponds to the given id and ValueType reference.
|
Element |
DOMCallbackLookup.getElement(String id,
String valueType,
boolean checkMultipleElements)
Get the DOM element that corresponds to the given id and ValueType reference.
|
Element |
CallbackLookup.getElement(String id,
String valueType,
boolean checkMultipleElements)
Get the DOM element that corresponds to the given id and ValueType reference.
|
List<Element> |
DOMCallbackLookup.getElements(String localname,
String namespace)
Get the DOM element(s) that correspond to the given localname/namespace.
|
List<Element> |
CallbackLookup.getElements(String localname,
String namespace)
Get the DOM element(s) that correspond to the given localname/namespace.
|
Modifier and Type | Method and Description |
---|---|
Action |
WSSConfig.getAction(int action)
Lookup action
|
Processor |
WSSConfig.getProcessor(QName el) |
Validator |
WSSConfig.getValidator(QName el) |
WSHandlerResult |
WSSecurityEngine.processSecurityHeader(Document doc,
RequestData requestData)
Process the security header given the soap envelope as W3C document.
|
WSHandlerResult |
WSSecurityEngine.processSecurityHeader(Document doc,
String actor,
CallbackHandler cb,
Crypto crypto)
Process the security header given the soap envelope as W3C document.
|
WSHandlerResult |
WSSecurityEngine.processSecurityHeader(Document doc,
String actor,
CallbackHandler cb,
Crypto sigVerCrypto,
Crypto decCrypto)
Process the security header given the soap envelope as W3C document.
|
WSHandlerResult |
WSSecurityEngine.processSecurityHeader(Element securityHeader,
RequestData requestData)
Process the security header given the wsse:Security DOM Element.
|
WSHandlerResult |
WSSecurityEngine.processSecurityHeader(Element securityHeader,
String actor,
CallbackHandler cb,
Crypto sigVerCrypto,
Crypto decCrypto)
Process the security header given the wsse:Security DOM Element.
|
Modifier and Type | Method and Description |
---|---|
protected void |
WSHandler.checkSignatureConfirmation(RequestData reqData,
WSHandlerResult handlerResults) |
protected void |
WSHandler.decodeAlgorithmSuite(RequestData reqData) |
protected boolean |
WSHandler.decodeBooleanConfigValue(Object messageContext,
String configTag,
boolean defaultToTrue) |
protected void |
WSHandler.decodeDecryptionParameter(RequestData reqData) |
protected void |
WSHandler.decodeEncryptionParameter(RequestData reqData) |
protected String |
WSHandler.decodePasswordType(RequestData reqData) |
protected void |
WSHandler.decodeSignatureParameter(RequestData reqData) |
protected void |
WSHandler.decodeSignatureParameter2(RequestData reqData) |
protected void |
WSHandler.decodeUTParameter(RequestData reqData) |
protected void |
WSHandler.doReceiverAction(List<Integer> actions,
RequestData reqData) |
protected void |
WSHandler.doSenderAction(Document doc,
RequestData reqData,
List<HandlerAction> actions,
boolean isRequest)
Performs all defined security actions to set-up the SOAP request.
|
CallbackHandler |
WSHandler.getCallbackHandler(String callbackHandlerClass,
String callbackHandlerRef,
RequestData requestData)
Get a CallbackHandler instance.
|
ReplayCache |
RequestData.getNonceReplayCache()
Get the replay cache for Nonces
|
CallbackHandler |
WSHandler.getPasswordCallbackHandler(RequestData reqData)
Get a CallbackHandler instance to obtain passwords.
|
WSPasswordCallback |
WSHandler.getPasswordCB(String username,
int doAction,
CallbackHandler callbackHandler,
RequestData requestData)
Get a password callback (WSPasswordCallback object) from a CallbackHandler instance
|
ReplayCache |
RequestData.getSamlOneTimeUseReplayCache()
Get the replay cache for SAML2 OneTimeUse Assertions
|
ReplayCache |
RequestData.getTimestampReplayCache()
Get the replay cache for Timestamps
|
Validator |
RequestData.getValidator(QName qName)
Get the Validator instance corresponding to the QName
|
protected Crypto |
WSHandler.loadCrypto(String cryptoPropertyFile,
String cryptoPropertyRefId,
RequestData requestData)
Load a Crypto instance.
|
protected Crypto |
WSHandler.loadCryptoFromPropertiesFile(String propFilename,
RequestData reqData)
A hook to allow subclass to load Crypto instances from property files in a different
way.
|
protected Crypto |
WSHandler.loadDecryptionCrypto(RequestData requestData)
Hook to allow subclasses to load their Decryption Crypto however they see
fit.
|
protected Crypto |
WSHandler.loadEncryptionCrypto(RequestData requestData)
Hook to allow subclasses to load their Encryption Crypto however they see
fit.
|
Crypto |
WSHandler.loadSignatureCrypto(RequestData requestData)
Hook to allow subclasses to load their Signature creation Crypto however they see
fit.
|
Crypto |
WSHandler.loadSignatureVerificationCrypto(RequestData requestData)
Hook to allow subclasses to load their Signature verification Crypto however they see
fit.
|
Modifier and Type | Method and Description |
---|---|
List<Reference> |
WSSecSignatureBase.addReferencesToSign(Document doc,
List<WSEncryptionPart> references,
WSDocInfo wsDocInfo,
XMLSignatureFactory signatureFactory,
boolean addInclusivePrefixes,
String digestAlgo)
This method adds references to the Signature.
|
List<Reference> |
WSSecSignature.addReferencesToSign(List<WSEncryptionPart> references)
This method adds references to the Signature.
|
List<Reference> |
WSSecDKSign.addReferencesToSign(List<WSEncryptionPart> references)
This method adds references to the Signature.
|
Document |
WSSecDKSign.build() |
Document |
WSSecDKEncrypt.build() |
Document |
WSSecSignature.build(Crypto cr)
Builds a signed soap envelope.
|
Document |
WSSecEncrypt.build(Crypto crypto)
Builds the SOAP envelope with encrypted Body and adds encrypted key.
|
void |
WSSecSignature.computeSignature(List<Reference> referenceList)
Compute the Signature over the references.
|
void |
WSSecDKSign.computeSignature(List<Reference> referenceList)
Compute the Signature over the references.
|
void |
WSSecSignature.computeSignature(List<Reference> referenceList,
boolean prepend,
Element siblingElement)
Compute the Signature over the references.
|
void |
WSSecDKSign.computeSignature(List<Reference> referenceList,
boolean prepend,
Element siblingElement)
Compute the Signature over the references.
|
List<String> |
Encryptor.doEncryption(org.apache.xml.security.keys.KeyInfo keyInfo,
SecretKey secretKey,
String encryptionAlgorithm,
List<WSEncryptionPart> references,
List<Element> attachmentEncryptedDataElements) |
Element |
WSSecEncrypt.encrypt() |
Element |
WSSecDKEncrypt.encrypt() |
Element |
WSSecDKEncrypt.encryptForExternalRef(Element dataRef,
List<WSEncryptionPart> references)
Encrypt one or more parts or elements of the message (external).
|
Element |
WSSecEncrypt.encryptForRef(Element dataRef,
List<WSEncryptionPart> references)
Encrypt one or more parts or elements of the message.
|
byte[] |
WSSecUsernameToken.getDerivedKey()
Get the derived key.
|
protected abstract int |
WSSecDerivedKeyBase.getDerivedKeyLength()
The derived key will change depending on the sig/encr algorithm.
|
protected int |
WSSecDKSign.getDerivedKeyLength() |
protected int |
WSSecDKEncrypt.getDerivedKeyLength() |
Element |
WSSecSAMLToken.getElement() |
Element |
WSSecSignature.getKeyInfoElement()
Return the computed KeyInfo value as a DOM Element. Call this method after prepare().
|
Element |
WSSecHeader.insertSecurityHeader()
Creates a security header and inserts it as child into the SOAP Envelope.
|
boolean |
WSSecHeader.isEmpty()
Returns whether the security header is empty
|
protected void |
WSSecSignature.marshalKeyInfo(WSDocInfo wsDocInfo) |
void |
WSSecDerivedKeyBase.prepare()
Initialize a WSSec Derived key.
|
void |
WSSecDKSign.prepare() |
void |
WSSecDKEncrypt.prepare() |
void |
WSSecSignature.prepare(Crypto cr)
Initialize a WSSec Signature.
|
void |
WSSecSecurityContextToken.prepare(Crypto crypto) |
void |
WSSecEncryptedKey.prepare(Crypto crypto)
Prepare the ephemeralKey and the tokens required to be added to the
security header
|
void |
WSSecEncrypt.prepare(Crypto crypto)
Initialize a WSSec Encrypt.
|
protected void |
WSSecEncryptedKey.prepareInternal(SecretKey secretKey) |
protected void |
WSSecEncryptedKey.prepareInternal(SecretKey secretKey,
PublicKey remoteKey,
Crypto crypto) |
protected void |
WSSecEncryptedKey.prepareInternal(SecretKey secretKey,
X509Certificate remoteCert,
Crypto crypto)
Encrypt the symmetric key data and prepare the EncryptedKey element.
This method does most of the work to prepare the EncryptedKey element.
|
void |
WSSecSecurityContextToken.prependSCTElementToHeader() |
void |
WSSecHeader.removeSecurityHeader() |
Modifier and Type | Method and Description |
---|---|
Principal |
UsernameToken.createPrincipal()
Create a WSUsernameTokenPrincipal from this UsernameToken object
|
Principal |
DerivedKeyToken.createPrincipal()
Create a WSDerivedKeyTokenPrincipal from this DerivedKeyToken object
|
byte[] |
DerivedKeyToken.deriveKey(int length,
byte[] secret)
Derive a key from this DerivedKeyToken instance
|
byte[] |
UsernameToken.getDerivedKey(BSPEnforcer bspEnforcer)
This method gets a derived key as defined in WSS Username Token Profile.
|
byte[] |
UsernameToken.getSalt()
Get the Salt value of this UsernameToken.
|
SecurityTokenReference |
DerivedKeyToken.getSecurityTokenReference()
Returns the SecurityTokenReference of the derived key token
|
boolean |
UsernameToken.isDerivedKey()
Return whether the UsernameToken represented by this class is to be used
for key derivation as per the UsernameToken Profile 1.1.
|
void |
KerberosSecurity.retrieveServiceTicket(CallbackHandler callbackHandler)
Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in this
BinarySecurityToken.
|
void |
KerberosSecurity.retrieveServiceTicket(String jaasLoginModuleName,
CallbackHandler callbackHandler,
String serviceName)
Retrieve a service ticket from a KDC using the Kerberos JAAS module, and set it in this
BinarySecurityToken.
|
void |
KerberosSecurity.retrieveServiceTicket(String jaasLoginModuleName,
CallbackHandler callbackHandler,
String serviceName,
boolean isUsernameServiceNameForm) |
void |
KerberosSecurity.retrieveServiceTicket(String jaasLoginModuleName,
CallbackHandler callbackHandler,
String serviceName,
boolean isUsernameServiceNameForm,
boolean requestCredDeleg) |
void |
KerberosSecurity.retrieveServiceTicket(String jaasLoginModuleName,
CallbackHandler callbackHandler,
String serviceName,
boolean isUsernameServiceNameForm,
boolean requestCredDeleg,
GSSCredential delegatedCredential) |
void |
DerivedKeyToken.setGeneration(int generation)
Sets the generation of the derived key
|
void |
DerivedKeyToken.setOffset(int offset)
Sets the offset
|
void |
UsernameToken.setRawPassword(CallbackHandler callbackHandler)
Set the raw (plain text) password used to compute secret key.
|
Constructor and Description |
---|
DerivedKeyToken(Document doc)
This will create an empty DerivedKeyToken
|
DerivedKeyToken(Element elem,
BSPEnforcer bspEnforcer)
This will create a DerivedKeyToken object with the given DerivedKeyToken element
|
DerivedKeyToken(int version,
Document doc)
This will create an empty DerivedKeyToken
|
KerberosSecurity(Element elem,
BSPEnforcer bspEnforcer)
This constructor creates a new Kerberos token object and initializes
it from the data contained in the element.
|
SecurityContextToken(Document doc)
Constructor to create the SCT
|
SecurityContextToken(Document doc,
String uuid)
Constructor to create the SCT with a given uuid
|
SecurityContextToken(Element elem)
This is used to create a SecurityContextToken using a DOM Element
|
SecurityContextToken(int version,
Document doc)
Constructor to create the SCT
|
SecurityContextToken(int version,
Document doc,
String uuid)
Constructor to create the SCT with a given uuid
|
SecurityContextToken(int version,
Document doc,
String uuid,
String instance)
Constructor to create the SCT with a given uuid and instance
|
SignatureConfirmation(Element elem,
BSPEnforcer bspEnforcer)
Constructs a SignatureConfirmation object and parses the wsse11:SignatureConfirmation element to initialize it.
|
Timestamp(Element timestampElement,
BSPEnforcer bspEnforcer)
Constructs a Timestamp object and parses the wsu:Timestamp element to initialize it.
|
UsernameToken(Element elem,
boolean allowNamespaceQualifiedPasswordTypes,
BSPEnforcer bspEnforcer)
Constructs a UsernameToken object and parses the wsse:UsernameToken element to initialize it.
|
Modifier and Type | Method and Description |
---|---|
Document |
WSSecSignatureSAML.build(Crypto uCrypto,
SamlAssertionWrapper samlAssertion,
Crypto iCrypto,
String iKeyName,
String iKeyPW)
Builds a signed soap envelope with SAML token.
|
void |
WSSecSignatureSAML.computeSignature(List<Reference> referenceList,
Element siblingElement)
Compute the Signature over the references.
|
void |
WSSecSignatureSAML.prepare(Crypto uCrypto,
SamlAssertionWrapper samlAssertion,
Crypto iCrypto,
String iKeyName,
String iKeyPW)
Initialize a WSSec SAML Signature.
|
SAMLKeyInfo |
WSSSAMLKeyInfoProcessor.processSAMLKeyInfo(Element keyInfoElement) |
static void |
DOMSAMLUtil.validateSAMLResults(WSHandlerResult handlerResults,
Certificate[] tlsCerts,
Element body) |
Modifier and Type | Method and Description |
---|---|
static void |
STRParserUtil.checkBinarySecurityBSPCompliance(SecurityTokenReference secRef,
BinarySecurity token,
BSPEnforcer bspEnforcer)
Check that the BinarySecurityToken referenced by the SecurityTokenReference argument
is BSP compliant.
|
static void |
STRParserUtil.checkEncryptedKeyBSPCompliance(SecurityTokenReference secRef,
BSPEnforcer bspEnforcer)
Check that the EncryptedKey referenced by the SecurityTokenReference argument
is BSP compliant.
|
static void |
STRParserUtil.checkSamlTokenBSPCompliance(SecurityTokenReference secRef,
SamlAssertionWrapper samlAssertion,
BSPEnforcer bspEnforcer)
Check that the SAML token referenced by the SecurityTokenReference argument
is BSP compliant.
|
static void |
STRParserUtil.checkUsernameTokenBSPCompliance(SecurityTokenReference secRef,
BSPEnforcer bspEnforcer)
Check that the Username token referenced by the SecurityTokenReference argument
is BSP compliant.
|
static Element |
STRParserUtil.findProcessedTokenElement(Document doc,
WSDocInfo docInfo,
CallbackHandler cb,
String uri,
String type)
Find a token that has been processed already - in other words, it accesses previous
results to find the element, rather than conducting a general search
|
static Element |
STRParserUtil.findUnprocessedTokenElement(Document doc,
WSDocInfo docInfo,
CallbackHandler cb,
String uri,
String type)
Find a token that has not been processed already - in other words, it searches for
the element, rather than trying to access previous results to find the element
|
static SamlAssertionWrapper |
STRParserUtil.getAssertionFromKeyIdentifier(SecurityTokenReference secRef,
Element strElement,
RequestData request)
Get an SamlAssertionWrapper object from parsing a SecurityTokenReference that uses
a KeyIdentifier that points to a SAML Assertion.
|
static byte[] |
STRParserUtil.getSecretKeyFromToken(String id,
String type,
int identifier,
RequestData data)
Get the Secret Key from a CallbackHandler
|
static Element |
STRParserUtil.getTokenElement(Document doc,
WSDocInfo docInfo,
CallbackHandler cb,
String uri,
String valueType) |
STRParserResult |
SignatureSTRParser.parseSecurityTokenReference(STRParserParameters parameters)
Parse a SecurityTokenReference element and extract credentials.
|
STRParserResult |
SecurityTokenRefSTRParser.parseSecurityTokenReference(STRParserParameters parameters)
Parse a SecurityTokenReference element and extract credentials.
|
STRParserResult |
STRParser.parseSecurityTokenReference(STRParserParameters parameters)
Parse a SecurityTokenReference element and extract credentials.
|
STRParserResult |
EncryptedKeySTRParser.parseSecurityTokenReference(STRParserParameters parameters)
Parse a SecurityTokenReference element and extract credentials.
|
STRParserResult |
DerivedKeyTokenSTRParser.parseSecurityTokenReference(STRParserParameters parameters)
Parse a SecurityTokenReference element and extract credentials.
|
Modifier and Type | Method and Description |
---|---|
static Element |
STRTransformUtil.createBSTX509(Document doc,
X509Certificate cert,
Element secRefE) |
static Element |
STRTransformUtil.createBSTX509(Document doc,
X509Certificate cert,
Element secRefE,
String secRefEncType) |
static Element |
STRTransformUtil.dereferenceSTR(Document doc,
SecurityTokenReference secRef,
WSDocInfo wsDocInfo)
Retrieves the element representing the referenced content of a STR.
|
Modifier and Type | Method and Description |
---|---|
static Element |
WSSecurityUtil.cloneElement(Document doc,
Element clonedElement)
Register the javax.xml.soap.Node with new Cloned Dom Node with java9
|
static List<Integer> |
WSSecurityUtil.decodeAction(String action) |
static List<HandlerAction> |
WSSecurityUtil.decodeHandlerAction(String action,
WSSConfig wssConfig)
Decode an action String.
|
static WSDataRef |
EncryptionUtils.decryptEncryptedData(Document doc,
String dataRefURI,
Element encData,
SecretKey symmetricKey,
String symEncAlgo,
CallbackHandler attachmentCallbackHandler)
Decrypt the EncryptedData argument using a SecretKey.
|
static WSDataRef |
EncryptionUtils.decryptEncryptedData(Document doc,
String dataRefURI,
Element encData,
SecretKey symmetricKey,
String symEncAlgo,
CallbackHandler attachmentCallbackHandler,
org.apache.xml.security.encryption.Serializer encryptionSerializer)
Decrypt the EncryptedData argument using a SecretKey.
|
static List<Element> |
WSSecurityUtil.findElements(WSEncryptionPart part,
CallbackLookup callbackLookup,
Document doc)
Find the DOM Element in the SOAP Envelope that is referenced by the
WSEncryptionPart argument.
|
static Element |
EncryptionUtils.findEncryptedDataElement(Document doc,
WSDocInfo wsDocInfo,
String dataRefURI)
Look up the encrypted data.
|
static Element |
WSSecurityUtil.findWsseSecurityHeaderBlock(Document doc,
Element envelope,
boolean doCreate)
Find the first WS-Security header block
|
static Element |
WSSecurityUtil.findWsseSecurityHeaderBlock(Document doc,
Element envelope,
String actor,
boolean doCreate)
Find a WS-Security header block for a given actor
|
static byte[] |
WSSecurityUtil.generateNonce(int length)
Generate a nonce of the given length using the SHA1PRNG algorithm.
|
static String |
WSSecurityUtil.getAttachmentId(String xopUri) |
static byte[] |
WSSecurityUtil.getBytesFromAttachment(String xopUri,
CallbackHandler attachmentCallbackHandler) |
static byte[] |
WSSecurityUtil.getBytesFromAttachment(String xopUri,
CallbackHandler attachmentCallbackHandler,
boolean removeAttachments) |
static byte[] |
WSSecurityUtil.getBytesFromAttachment(String xopUri,
RequestData data) |
static byte[] |
EncryptionUtils.getDecodedBase64EncodedData(Element element)
Method getDecodedBase64EncodedData
|
static String |
EncryptionUtils.getDigestAlgorithm(Node encBodyData) |
static String |
X509Util.getEncAlgo(Node encBodyData) |
static String |
EncryptionUtils.getMGFAlgorithm(Node encBodyData) |
static byte[] |
EncryptionUtils.getPSource(Node encBodyData) |
static byte[] |
X509Util.getSecretKey(Element keyInfoElem,
String algorithm,
CallbackHandler cb,
byte[] encryptedKey) |
static Element |
WSSecurityUtil.getSecurityHeader(Document doc,
String actor)
Returns the first WS-Security header element for a given actor.
|
static Element |
WSSecurityUtil.getSecurityHeader(Element soapHeader,
String actor,
boolean soap12)
Returns the first WS-Security header element for a given actor.
|
static void |
WSSecurityUtil.inlineAttachments(List<Element> includeElements,
CallbackHandler attachmentCallbackHandler,
boolean removeAttachments) |
static PublicKey |
X509Util.parseKeyValue(Element keyInfoElement,
XMLSignatureFactory signatureFactory) |
static void |
WSSecurityUtil.storeBytesInAttachment(Element parentElement,
Document doc,
String attachmentId,
byte[] bytes,
CallbackHandler attachmentCallbackHandler) |
static void |
SignatureUtils.verifySignedElement(Element elem,
List<WSSecurityEngineResult> signedResults) |
static void |
SignatureUtils.verifySignedElement(Element elem,
WSDocInfo wsDocInfo) |
Modifier and Type | Method and Description |
---|---|
protected void |
SamlAssertionValidator.checkAuthnStatements(SamlAssertionWrapper samlAssertion)
Check the AuthnStatements of the Assertion (if any)
|
protected void |
SamlAssertionValidator.checkConditions(SamlAssertionWrapper samlAssertion)
Check the Conditions of the Assertion.
|
protected void |
SamlAssertionValidator.checkConditions(SamlAssertionWrapper samlAssertion,
List<String> audienceRestrictions)
Check the Conditions of the Assertion.
|
protected void |
SamlAssertionValidator.checkOneTimeUse(SamlAssertionWrapper samlAssertion,
RequestData data)
Check the "OneTimeUse" Condition of the Assertion.
|
Credential |
Validator.validate(Credential credential,
RequestData data)
Validate the credential argument.
|
Credential |
UsernameTokenValidator.validate(Credential credential,
RequestData data)
Validate the credential argument.
|
Credential |
TimestampValidator.validate(Credential credential,
RequestData data)
Validate the credential argument.
|
Credential |
SignatureTrustValidator.validate(Credential credential,
RequestData data)
Validate the credential argument.
|
Credential |
SamlAssertionValidator.validate(Credential credential,
RequestData data)
Validate the credential argument.
|
Credential |
NoOpValidator.validate(Credential credential,
RequestData data)
Validate the credential argument.
|
Credential |
KerberosTokenValidator.validate(Credential credential,
RequestData data)
Validate the credential argument.
|
Credential |
JAASUsernameTokenValidator.validate(Credential credential,
RequestData data)
Validate the credential argument.
|
protected void |
SamlAssertionValidator.validateAssertion(SamlAssertionWrapper samlAssertion)
Validate the samlAssertion against schemas/profiles
|
protected void |
SignatureTrustValidator.validateCertificates(X509Certificate[] certificates)
Validate the certificates by checking the validity of each cert
|
protected void |
SignatureTrustValidator.validatePublicKey(PublicKey publicKey,
Crypto crypto)
Validate a public key
|
protected void |
UsernameTokenValidator.verifyCustomPassword(UsernameToken usernameToken,
RequestData data)
Verify a UsernameToken containing a password of some unknown (but specified) password
type.
|
protected void |
UsernameTokenValidator.verifyDigestPassword(UsernameToken usernameToken,
RequestData data)
Verify a UsernameToken containing a password digest.
|
protected void |
UsernameTokenValidator.verifyPlaintextPassword(UsernameToken usernameToken,
RequestData data)
Verify a UsernameToken containing a plaintext password.
|
protected Credential |
SamlAssertionValidator.verifySignedAssertion(SamlAssertionWrapper samlAssertion,
RequestData data)
Verify trust in the signature of a signed Assertion.
|
protected void |
SamlAssertionValidator.verifySubjectConfirmationMethod(SamlAssertionWrapper samlAssertion)
Check the Subject Confirmation method requirements
|
protected void |
SignatureTrustValidator.verifyTrustInCerts(X509Certificate[] certificates,
Crypto crypto,
RequestData data,
boolean enableRevocation)
Evaluate whether the given certificate chain should be trusted.
|
protected void |
UsernameTokenValidator.verifyUnknownPassword(UsernameToken usernameToken,
RequestData data)
Verify a UsernameToken containing no password.
|
Modifier and Type | Method and Description |
---|---|
protected String |
IssuedTokenAssertionState.validateClaims(Element claimsPolicy,
SamlTokenSecurityEvent samlTokenSecurityEvent) |
Modifier and Type | Method and Description |
---|---|
void |
PolicyEnforcer.registerSecurityEvent(org.apache.xml.security.stax.securityEvent.SecurityEvent securityEvent) |
Modifier and Type | Class and Description |
---|---|
class |
WSSConfigurationException
Exception when configuration errors are detected
|
Modifier and Type | Method and Description |
---|---|
ReplayCache |
WSSSecurityProperties.getNonceReplayCache()
Get the replay cache for Nonces
|
ReplayCache |
WSSSecurityProperties.getSamlOneTimeUseReplayCache()
Get the replay cache for SAML2 OneTimeUse Assertions
|
ReplayCache |
WSSSecurityProperties.getTimestampReplayCache()
Get the replay cache for Timestamps
|
void |
WSInboundSecurityContext.handleBSPRule(BSPRule bspRule) |
Modifier and Type | Method and Description |
---|---|
void |
InboundWSSecurityContextImpl.handleBSPRule(BSPRule bspRule) |
Modifier and Type | Method and Description |
---|---|
Node |
SAMLTokenInputHandler.parseXMLEvent(org.apache.xml.security.stax.ext.stax.XMLSecEvent xmlSecEvent,
Node currentNode,
Document document) |
Modifier and Type | Method and Description |
---|---|
byte[] |
UsernameSecurityTokenImpl.generateDerivedKey()
This method generates a derived key as defined in WSS Username
Token Profile.
|
protected byte[] |
UsernameSecurityTokenImpl.generateDerivedKey(WSInboundSecurityContext wsInboundSecurityContext)
This method generates a derived key as defined in WSS Username
Token Profile.
|
Principal |
X509SecurityTokenImpl.getPrincipal() |
Principal |
UsernameSecurityTokenImpl.getPrincipal() |
Principal |
SamlSecurityTokenImpl.getPrincipal() |
Principal |
RsaKeyValueSecurityTokenImpl.getPrincipal() |
Principal |
KerberosServiceSecurityTokenImpl.getPrincipal() |
Principal |
HttpsSecurityTokenImpl.getPrincipal() |
Principal |
ECKeyValueSecurityTokenImpl.getPrincipal() |
Principal |
DsaKeyValueSecurityTokenImpl.getPrincipal() |
Subject |
X509SecurityTokenImpl.getSubject() |
Subject |
UsernameSecurityTokenImpl.getSubject() |
Subject |
SamlSecurityTokenImpl.getSubject() |
Subject |
RsaKeyValueSecurityTokenImpl.getSubject() |
Subject |
KerberosServiceSecurityTokenImpl.getSubject() |
Subject |
HttpsSecurityTokenImpl.getSubject() |
Subject |
ECKeyValueSecurityTokenImpl.getSubject() |
Subject |
DsaKeyValueSecurityTokenImpl.getSubject() |
protected byte[] |
KerberosServiceSecurityTokenImpl.getTGTSessionKey() |
Constructor and Description |
---|
ExternalSecurityTokenImpl(WSInboundSecurityContext wsInboundSecurityContext,
String id,
org.apache.xml.security.stax.securityToken.SecurityTokenConstants.KeyIdentifier keyIdentifier,
WSSSecurityProperties securityProperties,
boolean included) |
SamlSecurityTokenImpl(WSInboundSecurityContext wsInboundSecurityContext,
String id,
org.apache.xml.security.stax.securityToken.SecurityTokenConstants.KeyIdentifier keyIdentifier,
WSSSecurityProperties securityProperties) |
Modifier and Type | Method and Description |
---|---|
String |
SamlTokenSecurityEvent.getIssuerName() |
abstract String |
IssuedTokenSecurityEvent.getIssuerName() |
SamlAssertionWrapper |
SamlTokenSecurityEvent.getSamlAssertionWrapper() |
Modifier and Type | Method and Description |
---|---|
byte[] |
UsernameSecurityToken.generateDerivedKey() |
Principal |
SubjectAndPrincipalSecurityToken.getPrincipal() |
Subject |
SubjectAndPrincipalSecurityToken.getSubject() |
Modifier and Type | Method and Description |
---|---|
static InboundWSSec |
WSSec.getInboundWSSec(WSSSecurityProperties securityProperties)
Creates and configures an inbound streaming security engine
|
static InboundWSSec |
WSSec.getInboundWSSec(WSSSecurityProperties securityProperties,
boolean initiator)
Creates and configures an inbound streaming security engine
|
static InboundWSSec |
WSSec.getInboundWSSec(WSSSecurityProperties securityProperties,
boolean initiator,
boolean returnSecurityError)
Creates and configures an inbound streaming security engine
|
static OutboundWSSec |
WSSec.getOutboundWSSec(WSSSecurityProperties securityProperties)
Creates and configures an outbound streaming security engine
|
static CallbackHandler |
ConfigurationConverter.loadCallbackHandler(String callbackHandlerClass)
Load a CallbackHandler instance.
|
XMLStreamReader |
InboundWSSec.processInMessage(XMLStreamReader xmlStreamReader)
Warning: configure your xmlStreamReader correctly.
|
XMLStreamReader |
InboundWSSec.processInMessage(XMLStreamReader xmlStreamReader,
List<org.apache.xml.security.stax.securityEvent.SecurityEvent> requestSecurityEvents)
Warning: configure your xmlStreamReader correctly.
|
XMLStreamReader |
InboundWSSec.processInMessage(XMLStreamReader xmlStreamReader,
List<org.apache.xml.security.stax.securityEvent.SecurityEvent> requestSecurityEvents,
List<org.apache.xml.security.stax.securityEvent.SecurityEventListener> securityEventListeners)
Warning: configure your xmlStreamReader correctly.
|
XMLStreamReader |
InboundWSSec.processInMessage(XMLStreamReader xmlStreamReader,
List<org.apache.xml.security.stax.securityEvent.SecurityEvent> requestSecurityEvents,
org.apache.xml.security.stax.securityEvent.SecurityEventListener securityEventListener)
Warning: configure your xmlStreamReader correctly.
|
XMLStreamWriter |
OutboundWSSec.processOutMessage(Object output,
String encoding,
org.apache.xml.security.stax.ext.OutboundSecurityContext outboundSecurityContext) |
XMLStreamWriter |
OutboundWSSec.processOutMessage(OutputStream outputStream,
String encoding,
List<org.apache.xml.security.stax.securityEvent.SecurityEvent> requestSecurityEvents)
This method is the entry point for the incoming security-engine.
|
XMLStreamWriter |
OutboundWSSec.processOutMessage(OutputStream outputStream,
String encoding,
List<org.apache.xml.security.stax.securityEvent.SecurityEvent> requestSecurityEvents,
org.apache.xml.security.stax.securityEvent.SecurityEventListener securityEventListener)
This method is the entry point for the incoming security-engine.
|
XMLStreamWriter |
OutboundWSSec.processOutMessage(XMLStreamWriter xmlStreamWriter,
String encoding,
List<org.apache.xml.security.stax.securityEvent.SecurityEvent> requestSecurityEvents)
This method is the entry point for the incoming security-engine.
|
XMLStreamWriter |
OutboundWSSec.processOutMessage(XMLStreamWriter xmlStreamWriter,
String encoding,
List<org.apache.xml.security.stax.securityEvent.SecurityEvent> requestSecurityEvents,
org.apache.xml.security.stax.securityEvent.SecurityEventListener securityEventListener)
This method is the entry point for the incoming security-engine.
|
XMLStreamWriter |
OutboundWSSec.processOutMessage(XMLStreamWriter xmlStreamWriter,
String encoding,
org.apache.xml.security.stax.ext.OutboundSecurityContext outbounSecurityContext)
This method is the entry point for the incoming security-engine.
|
Modifier and Type | Method and Description |
---|---|
static org.apache.xml.security.stax.securityEvent.TokenSecurityEvent<? extends org.apache.xml.security.stax.securityToken.InboundSecurityToken> |
WSSUtils.createTokenSecurityEvent(org.apache.xml.security.stax.securityToken.InboundSecurityToken inboundSecurityToken,
String correlationID) |
static void |
WSSUtils.doPasswordCallback(CallbackHandler callbackHandler,
Callback callback)
Executes the Callback handling.
|
static String |
WSSUtils.doPasswordDigest(byte[] nonce,
String created,
String password) |
static void |
WSSUtils.doSecretKeyCallback(CallbackHandler callbackHandler,
Callback callback,
String id)
Try to get the secret key from a CallbackHandler implementation
|
Modifier and Type | Method and Description |
---|---|
protected void |
SamlTokenValidatorImpl.checkAuthnStatements(SamlAssertionWrapper samlAssertion)
Check the AuthnStatements of the Assertion (if any)
|
protected void |
SamlTokenValidatorImpl.checkConditions(SamlAssertionWrapper samlAssertion)
Check the Conditions of the Assertion.
|
protected void |
SamlTokenValidatorImpl.checkConditions(SamlAssertionWrapper samlAssertion,
List<String> audienceRestrictions)
Check the Conditions of the Assertion.
|
protected void |
SamlTokenValidatorImpl.checkOneTimeUse(SamlAssertionWrapper samlAssertion,
ReplayCache replayCache)
Check the "OneTimeUse" Condition of the Assertion.
|
org.apache.xml.security.stax.securityToken.InboundSecurityToken |
SecurityContextTokenValidatorImpl.validate(AbstractSecurityContextTokenType securityContextTokenType,
String identifier,
TokenContext tokenContext) |
org.apache.xml.security.stax.securityToken.InboundSecurityToken |
SecurityContextTokenValidator.validate(AbstractSecurityContextTokenType securityContextTokenType,
String identifier,
TokenContext tokenContext) |
org.apache.xml.security.stax.securityToken.InboundSecurityToken |
BinarySecurityTokenValidatorImpl.validate(BinarySecurityTokenType binarySecurityTokenType,
TokenContext tokenContext) |
org.apache.xml.security.stax.securityToken.InboundSecurityToken |
BinarySecurityTokenValidator.validate(BinarySecurityTokenType binarySecurityTokenType,
TokenContext tokenContext) |
void |
SignatureTokenValidatorImpl.validate(org.apache.xml.security.stax.securityToken.InboundSecurityToken inboundSecurityToken,
WSSSecurityProperties wssSecurityProperties) |
void |
SignatureTokenValidator.validate(org.apache.xml.security.stax.securityToken.InboundSecurityToken inboundSecurityToken,
WSSSecurityProperties wssSecurityProperties) |
<T extends SamlSecurityToken & org.apache.xml.security.stax.securityToken.InboundSecurityToken> |
SamlTokenValidatorImpl.validate(SamlAssertionWrapper samlAssertionWrapper,
org.apache.xml.security.stax.securityToken.InboundSecurityToken subjectSecurityToken,
TokenContext tokenContext) |
<T extends SamlSecurityToken & org.apache.xml.security.stax.securityToken.InboundSecurityToken> |
SamlTokenValidator.validate(SamlAssertionWrapper samlAssertionWrapper,
org.apache.xml.security.stax.securityToken.InboundSecurityToken subjectSecurityToken,
TokenContext tokenContext) |
void |
TimestampValidatorImpl.validate(TimestampType timestampType,
TokenContext tokenContext) |
void |
TimestampValidator.validate(TimestampType timestampType,
TokenContext tokenContext) |
<T extends UsernameSecurityToken & org.apache.xml.security.stax.securityToken.InboundSecurityToken> |
UsernameTokenValidatorImpl.validate(UsernameTokenType usernameTokenType,
TokenContext tokenContext) |
<T extends UsernameSecurityToken & org.apache.xml.security.stax.securityToken.InboundSecurityToken> |
UsernameTokenValidator.validate(UsernameTokenType usernameTokenType,
TokenContext tokenContext) |
<T extends UsernameSecurityToken & org.apache.xml.security.stax.securityToken.InboundSecurityToken> |
JAASUsernameTokenValidatorImpl.validate(UsernameTokenType usernameTokenType,
TokenContext tokenContext) |
protected void |
SamlTokenValidatorImpl.validateAssertion(SamlAssertionWrapper samlAssertion)
Validate the samlAssertion against schemas/profiles
|
protected void |
UsernameTokenValidatorImpl.verifyCustomPassword(String username,
PasswordString passwordType,
TokenContext tokenContext)
Verify a UsernameToken containing a password of some unknown (but specified) password type.
|
protected void |
UsernameTokenValidatorImpl.verifyDigestPassword(String username,
PasswordString passwordType,
byte[] nonceVal,
String created,
TokenContext tokenContext)
Verify a UsernameToken containing a password digest.
|
protected void |
UsernameTokenValidatorImpl.verifyPlaintextPassword(String username,
PasswordString passwordType,
TokenContext tokenContext)
Verify a UsernameToken containing a plaintext password.
|
protected void |
SamlTokenValidatorImpl.verifySubjectConfirmationMethod(SamlAssertionWrapper samlAssertion)
Check the Subject Confirmation method requirements
|
Copyright © 2018 JBoss by Red Hat. All rights reserved.